On Mon, Mar 09 2015, David Rientjes <[email protected]> wrote: > Mempools keep elements in a reserved pool for contexts in which > allocation may not be possible. When an element is allocated from the > reserved pool, its memory contents is the same as when it was added to > the reserved pool. > > Because of this, elements lack any free poisoning to detect > use-after-free errors. > > This patch adds free poisoning for elements backed by the slab allocator. > This is possible because the mempool layer knows the object size of each > element. > > When an element is added to the reserved pool, it is poisoned with > POISON_FREE. When it is removed from the reserved pool, the contents are > checked for POISON_FREE. If there is a mismatch, a warning is emitted to > the kernel log. > > + > +static void poison_slab_element(mempool_t *pool, void *element) > +{ > + if (pool->alloc == mempool_alloc_slab || > + pool->alloc == mempool_kmalloc) { > + size_t size = ksize(element); > + u8 *obj = element; > + > + memset(obj, POISON_FREE, size - 1); > + obj[size - 1] = POISON_END; > + } > +}
Maybe a stupid question, but what happens if the underlying slab allocator has non-trivial ->ctor? Rasmus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
